Medical Device Security Regulations and Assessment Case Studies

Outlet Title

2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS)

Document Type

Conference Proceeding

Publication Date



The ever-expanding world of technology connects more devices to the Internet, and medical devices are no exception. Thus, a newly emerging area of development is the Internet of Medical Things (IoMT). This research explores medical device vulnerabilities by conducting security assessments and identifying practical approaches to mitigate security risks in healthcare. Another goal of this project was to present an outline of the regulations, requirements, and stakeholders from the United States, the European Union, and their respective sub-organizations. Challenges arose with the security of hospitals, manufacturers, and paywalls for European documents. Three medical devices, i.e., SmartLinx Axon 810 Capsule, Alaris 8015 PC Infusion Pump, and Samsung Hospitality TV, were selected for this research. These three devices are used alongside other devices in an extensive network that plays a crucial role in hospitals. The research methods used for security assessment in this project include network traffic analysis, vulnerability scanning, and brute force attacks, supported by security tools such as Nmap, Wireshark, Metasploit, and Burp Suite. By doing vulnerability testing and mitigation, this research aims to improve medical device cybersecurity.